Meeting GDPR Requirements

What is GDPR?

First and foremost: we Hedgehogs are not attorneys, and this page should not be considered legal advice.

The General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. Per the official website, it “was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” 
Changes
What Constitutes Consent
One of the largest changes is that companies must now request consent for use of personal data in an easily understood and highly accessible format; long-form ‘Terms and Conditions’ filled with legal language are not considered sufficient under the new standards. Consent for use of personal data must be distinct and clear and must be asked for in plain and strong language. It must also be as easy to withdraw permission to use personal data as it is to give permission. And for ‘sensitive data’ only an explicit ‘opt-in’ is acceptable.
It's Personal
How is Personal Data Defined?
Any information related to a natural person that can be used to directly or indirectly identify the person is considered personal data. That includes the more obvious items such as names, photos, and email addresses, but also encompasses bank details, posts on social networking websites, medical information, or a computer's IP address.
Organizations that do not comply with these new standards can be fined up to 4% of their annual global revenue or 20 million euro. The European Union will be taking a tiered approach to these fines, and again, these standards and fines will not apply only to businesses that are physically located in the EU. Any company that processes or holds data of citizens of the EU is subject to these standards. So do you need to comply? Yes, unless you are willing to take all the risks.
Next Steps
How do we comply?
Talk with your lawyer. A legal expert can inform you more thoroughly about these standards and how your procedures and website can be brought in line with them.  Review the key changes. These are publicly available on the official GDPR website.

Thought Leadership


featured blog 

Seize the Day: Marketers, Brands and GDPR

As of May 25, 2018, any business within the European Union and any business that intends to operate within the EU in any way will have to adhere to new standards regarding data collection, storage, and use. If the thought of it doesn’t make you blink, it should – penalties of up to 20 million euros will be levied against offenders. So, now’s as good a time as any to start thinking about GDPR. I’m personally of the opinion that smart brands will see this as an opportunity to improve practices, embrace transparency and build customer trust.

featured blog

Why You Should Care About the Consent Experience of GDPR

There are a variety of ways to handle consent implementation, from push-in notifications on the bottom of a screen to a more invasive pop-up. Read more of our blog post to see a few examples that show how companies are implementing and wording the language around this new business requirement.
Note that this page, or any of the information contained on it, is not intended to constitute legal advice.

Let’s Work Together

When it comes to experiences we know how important it is to drive results.

Contact us today to get started.
